Following the recent innovations brought about by Cloud Computing and resource virtualization, current advances in communication infrastructures show an unprecedented central role of software-based solutions [callegati2013sdn]. On the one hand, Network Function Virtualization (NFV) [CommSurvNFV2016] supports the deployment of network functions—e.g., load balancers, firewalls, intrusion detection devices, and traffic accelerators—as pieces of software running on off-the-shelf hardware. On the other hand, Software Defined Networking (SDN) [CommSurvSDN2014] decouples the software-based control and management plane from the hardware-based forwarding plane, turning traditional infrastructures into fully programmable communication platforms. A SDN is hence a network whose topology can be orchestrated dynamically. By taking advantage of the complementary features of NFV and SDN it fosters the provision of flexible and cost-effective network services—from now on, referred simply as services.
As detailed in Section 2, in an NFV/SDN framework, services are deployed as Service Function Chains (SFC) [RFC-SFC], i.e., the concatenation of some basic functions, typically running in some form of virtual environment (virtual machine, container etc.). These are called Virtual Network Functions in short VNFs. Essentially, an SFC corresponds to the sequence of VNFs that a traffic flow traverses from its source to its destination. In this context, multiple network configurations can coexist over the same physical infrastructure, bypassing the need for specialized hardware and physical network reconfigurations. Moreover the software-based SFCs can be instantiated, controlled, modified, and removed over a small time scale which is impossible to achieve in traditional networks typically requiring physical or manual reconfiguration to modify topology and/or forwarding. However, one of the main problems linked to SFC planning is that it is complex to define and apply SFC configurations that both respect multiple domain-level properties (QoS, etc.) and also avoid misbehaviors over contrasting or incompatible service desiderata. This calls for both suitable, high-level languages to easily describe SFC requests and for tools to efficiently design SFC—once the request is received—given the available VNFs and network resources.
In the remainder of the paper, in Section 2 we provide background knowledge and a detailed description of NFV/SDN-based frameworks, introducing the elements of the problem. In Section 3 we set the general problem framework and present our model to specify user desiderata and domain-level properties. In Section 4 we describe how to translate a given model into a MiniZinc finite domain specification, reporting in Section 5 validation experiments and performance results. Finally, in Section 6 we consider related work, we draw conclusions, and delineate future work.
2 Application Context: NFV/SDN Networking
In this section we introduce our application context and its elements (identified by the paragraph titles).
NFV/SDN paradigms promise to revolutionize network management through the concept of network programmability, i.e., the possibility to run network services in a similar way as running software in a computer. Indeed, traditional network functions are bound to hardware devices, in which actions like instantiating a new service or modifying a service instance are rather complex and require specialized operations. Contrarily, the combination of recent NFV/SDN technologies paves the way to fully programmable communication networks. The expected benefits of programmable networks are reduced operation costs, as well as increased flexibility and responsiveness.
Network Function Virtualization.
In NFV network functionalities, mostly implemented by means of dedicated appliances (middleboxes, like firewalls, NATs, packet inspectors, traffic conditioners, etc.) are turned into software applications, called Virtual Network Function (VNF). These are shipped inside virtual machines or containers and hosted into cloud computing infrastructures equipped with off-the-shelf hardware (i.e., not specialized for a specific networking function) [CommSurvNFV2016].
Software Defined Networking.
SDN decouples the network control plane from the data forwarding plane. The former is placed into a so called SDN controller, defining all the forwarding logics in a centralized way and injecting them into the networking devices. The main protocol proposed for SDN is Openflow [OpenFlow], which is designed to support the dialog between network controllers and appliances.
The ETSI NFV-MANO Framework.
NFV became subject of standardization by ETSI in the NFV Management and Orchestration (MANO) framework. ETSI launched the initiative by bringing together seven leading telecom operators in 2012. Currently over 300 individual companies [ETSI-companies], including many global service providers, joined the initiative, which is the reference standardization framework in this field. We provide in Fig. 1 a conceptual representation of the approach proposed by the ETSI NFV-MANO framework—from now on called MANO [ETSI-MANO]. In MANO, VNFs are deployed over a set of cloud data centers that may be either closely or remotely located, depending on the specific service implementation scenario. The data centers are managed by a specific cloud infrastructure management system chosen by the owner/provider, e.g., the renowned OpenStack [OpenStack] platform, while general networking services are managed by SDN controllers. MANO addresses both cloud and network controllers as Virtualized Infrastructure Managers (VIMs).
The NorthBound Interface.
The components in Fig. 1 must interact by means of suitable Application Programming Interfaces (APIs) and, roughly speaking, the API offered by a given functional block to the one that is logically above it (providing increased abstraction) is usually called a NorthBound Interface (NBI) while the interface with one logically below (closer to the specific implementation) is called a SouthBound Interface (SBI)111For completeness, interfaces between functional blocks at the same architectural level are usually addressed as East/West-bound interfaces..
The Service Function Chain.
In this context, a service is a specific combination of VNFs and communication capabilities that are requested by a user and that must be implemented in the available infrastructure.222Here, users may either be customers (residential or business) requiring a specific networking service or network operators configuring specific services for their customers. This is the Service Function Chain (SFC), i.e. the implementation of a composite service as the concatenation of basic services, typically implemented via VNFs. For instance an SFC could be the sequence of a NAT and a Firewall at the edge of the provider network, serving a set of customers. In essence, an SFC is the series of VNFs that a traffic flow must traverse from its source to its destination. Thanks to the capabilities offered by SDN and NFV, SFCs can be dynamically controlled and modified over a relatively small time scale, both increasing the flexibility of service provisioning and reducing the management burden.
SFC deployment planning.
The aspect we focus in this paper is SFC deployment planning, also called Service Function Chaining (SF-Chaining). Within a single technological and administrative domain, e.g., a single data center, SF-Chaining can be successfully achieved with the help of the native domain management system, i.e. the VIM [callegati2016sdn].
However, when the SFC spans across multiple network domains, (c.f., Fig. 2) each owned by a different player and characterized by different technology stacks, the dimensional and logical complexity of the problem increases. With many domains and many VNFs per domain the space of possible solutions to a specific SF-Chaining problem becomes very large as formally shown in the following section. Moreover the specification of the SF-Chaining request in a general way, that can be mapped over the various domains is also non trivial [NetSysMD2NFV2015, NOMSDISCO2014, SIGCOMMUNIFY2015].
MANO provides a general architectural framework for the implementation of NFV but does not provide implementation details for the various interfaces of logical levels, that are still matter of study and testing.
Regarding the specification of the SF-Chaining request, solutions have been recently proposed to implement a vendor-agnostic, and interoperable NBI interface for the MANO according to the intent-based approach [cohen2013intent]. Very briefly the intent-based approach goal is to provide a semantic at the interface that allows the user to focus on what he/she wants to achieve and not on how it will be implemented, thus hiding all the technology-specific details and making the service request as general as possible. In this work we extend and better formalize this approach by providing a general schema for the semantics of the interface that can be easily translated into technology dependent specifications.
While the intent-based specification solves the problem of applying a global plan over multiple domains, it does not answer the problem of engineering the SF-Chaining, which instead need to consider: SFC design, i.e., selecting the set of VNFs to be chained to implement the SFC, with the goal of optimizing some notion of cost; VNF activation and placement, i.e., where to execute VNFs when more options are available, for instance with the goal to maximize performance or distribute the workload.
SF-Chaining is a crucial part of the Resource Allocation problem in an NFV environment and has been mostly studied by means of Mixed Integer Linear Programming[HB16]
. Unfortunately the complexity of the problem makes such solutions viable just for small networks. Usually heuristics are proposed and tailored to some specific optimization goal, thus limiting their applicability or generality. The problem is that, when designing an SFC, beside standard shortest-path problems, one has to solve additional constraints arising from the specific nature of the service functions involved. For example, if a Virtual Private Network (VPN) function is present, which encrypts a message before it leaves the source domain, then a complementary VPN function should appear before the final destination, to decrypt the message.
In this work we propose an efficient, general and scalable tool, based on Constraint Programming (CP), for the engineering of SFC plans over multiple domains. We will show that complex SFC plans can be computed in a small time-frame, turning the engineering and application of SFC plans from a manual, time-consuming activity to an automatic and just-in-time task.
3 Problem Definition
With reference to what explained above, in this section we set the general problem framework following the schematic presented in Fig. 2. In particular we assume the following.
Network architecture. The network is divided into a number of Domains, defined according to administrative and/or technological boundaries. For the purpose of this work a Domain is an infrastructure that is managed homogeneously by a single actor. The Domain has one or a set of Virtual Infrastructure Managers that are properly coordinated and thus acts as a single entity. The resources of the Domain are managed as a whole.
Inter-Domains interconnection. We assume that the various Domains are interconnected by Domain border gateways and interconnection links. Domain interconnections may be at the geographical as well as at the local level, depending on topological and administrative constraints. Domain interconnection can be related to some form of QoS objective, either cost, latency, bandwidth availability, etc. depending on the specific scenario.
Intra-Domains interconnection. The networking among VNFs of the same domain is not a subject of this work. We assume that, within a domain, connectivity is granted at a level of Quality of Service sufficient for the purpose. If the various domains are data centers, their management platforms provision the resources needed in terms of computation, networking etc.
VNFs. The Virtual Network Functions are devoted to specific networking tasks. In this work we assume that one VNF performs just one task, therefore we will talk of VNF types to specify which tasks are performed. The VNF types considered in the following are briefly described below.
VNF location. VNFs are executed in the data centers hosted in the various Domains. In principle the Domains are not homogeneous in terms of connectivity, computing capabilities and functionalities, therefore a Domain may or may not be suitable to execute some VNFs. Moreover it may be that a given VNF has to be executed into a specific domain. Without loss of generality, we restrict the choice of the location of each VNF in an SFC to three options: the source Domain, the destination Domain or unspecified; the latter meaning that the VNF can be located in any available Domain, including source and destination.
The set VNF types is a set of network functions that we consider to be part of common networking practice, obviously the work can be extended to include other types of VNFs.
Deep Packet Inspector (DPI). Looks into the content of the packets and takes specific forwarding decisions according to specific predefined patters.
Network Address Translator (NAT). Translates IP addresses mostly used to interconnect ares with private IP addressing from the public Internet.
Traffic Shaper (TS). May enforce specific packet and/or bit rate limitations to a traffic flow.
Wide Area Network Accelerator (WANA). Compresses packet content to provide higher transfer speed.
Virtual Private Network Endpoint (VPN). Encrypts data flows and authenticate users over a specific public network section.
Note that gateway VNFs do not appear in the user desiderata, however, since they provide inter-domain connections, we will also consider them among VNFs.
3.1 Service Function Chain specification
In the remainder, to distinguish between customer and network operator SFC desiderata, we call the former user requests and the latter domain constraints. In order to provide a concrete and simple model for specifying SFC user requests, immediately usable in practice, we rely on the JSON [crockford2006] notation, defining the model using the generic formalism of JSON Schema [json_schema] as follows.
Definition 1 (SFC user request)
A Service Function Chain user request is any JSON specification compliant with the JSON Schema below (indented and grayed-out to ease reading), where we assume that the cardinalities of vnfList, prox_to_src, and prox_to_dst are equal.
Briefly, the highlighted elements in Definition 1 represent:
src and dst the start and target domain of the service chain;
qos the QoS feature to be provided with the service chain;
qos_type a high-level unique identifier of a QoS metric;
qos_thr the QoS threshold to be applied to the specified metric;
qos_value the value assigned to the threshold;
vnfList is the ordered list of VNFs to be traversed for the requested service. We enumerate them in type VNFs as strings representing the VNFs we support in our model (and mentioned at the beginning of Section 3);
dupList is the set of VNF types where the traffic needs to be duplicated.
Finally, prox_to_src and prox_to_dst are Masks on the vnfList, i.e., they are arrays of booleans with the same cardinality of vnfList that indicate if a VNF should be respectively located in the domain of the src or of the dst.
To complete Definition 1, we report an example of SFC user request. In the code below, the user requests a chain between domains s and d, indicating a qos on the speed of the connection, measured in terms of bandwidth with a threshold of 9% on the throughput of transmitted data. The service request consists of (in this order): a DPI (whose traffic is duplicated, as per dupList), a VPN in the domain of s and a complementary VPN function in the domain of d.
In the next section, we explain how we combine the parameters above are to define the solution to an SFC planning problem.
3.2 SFC design problem
In order to formalize the SFC design problem we represent a network architecture in abstract terms as a directed graph with a set of labeled nodes, ranged over by , which represent the VNFs and a set of labeled edges—in the remainder called arcs—ranged over by , which represent links among different VNFs. The level of a node denote the type of functionality provided by the specific VNF in set , ranged over by , and we assume that there exists a total function which, for any VNF , returns its label (i.e., its type). We distinguish between a VNF and its type because different VNFs, also in the same domain, can offer the same functionality and have the same type. Nevertheless, when no ambiguity arises, we will identify a VNF with its type. For example, in the service chain request provided by the user, the list of VNF which is provided is, strictly speaking, the list of VNF types which are required (the user is interested in a functionality, not in the specific component implementing it). Label of arcs denote costs of the arcs and we indicate by the cost of an arc Paths are defined as usual333For the notions on graphs not directly defined here please see [cormen2009introduction, deo2017graph]..
As we have seen in previous section, conceptually VNFs are organized in domains that is, our graph is divided into several sub-graphs. We represent this structure by introducing a set of domains, ranged over by , and assuming that there exists a total function Domain: which for any VNF provides its domain Domain(). We assume that each domain in our network has exactly one VNF providing the (domain border) gateway functionality. In order to model the domain interconnection described above, we assume that the set of arcs in our network consists of two types of arcs: those connecting the gateway to all the other VNFs in the same domain (with cost 0) and those connecting a gateway to all the gateways VNF appearing in the other domains, with a positive cost. We are now ready to define the notion of SFCtree. Intuitively this represents the chain of functions which, in a given network, satisfy the service request expressed by the user. Note that we consider a tree rather then a simple path because in some cases the chain of functions, beside a source and a target, include some other terminating nodes which provide specific functionalities: for example, a DPI VNF has the task of logging messages and does not participate in message routing. Moreover, nodes (VNFs) in the same domain are represented as sons of a gateway.
Definition 2 (SFCtree)
Given a directed graph representing a network architecture, an SFCtree444The definition is parametric w.r.t. the given graph, however we do not represent such a parameter explicitly, to simplify the notation. is a rooted tree which is a subgraph of and such that the leafs of are (labeled by) VNFs types different from gateway, while the nodes that are not leafs are (labeled by) gateway.
As a first approximation, our configuration problem consists in finding an SFCtree which satisfies the service request specified by the user in terms of intents. There are however some additional, domain level, constraints on the VNFs to be used in the SFC which are needed to obtain a correct solution. For example, we may need to know whether a VNF needs to be "mirrored" , meaning that when appears in a chain then another, dual, VNF is needed in the same chain (for example an encryption function needs later a decryption). Also, some quantitative information are needed at domain level, such as lower and upper bounds on the number of VNFs of the same type in a given domain. These additional constraints are not expressed by the intents of the users (who might ignore the detailed domain structure of the network) but are introduced in a middle layer before formulating the actual service request. As we have done for SFC user request, we represent these constraints following the JSON Schema.
Definition 3 (Domain-constraints)
A Domain-constraint is a JSON specification compliant with the following JSON Schema
In the JSON Schema above, we use the "description" attribute to hint the content of each element. A Domain-constraint then represents a set of tuples where is a domain, is a VNF type, and are natural numbers, with the meaning that in the domain there are at least and at most VNFs having the type .
To complete Definition 3, we report an example of a Domain-constraint which could be imposed by domain administrators. Here s and d are the source and destination domains of Example 1 and we see that the administrator set to 1 and 2 the minimal a maximal number of WANA functions allowed in s; the constraint specifies also that a single DPI function is required in s (i.e., minimal and maximal capacities coincide) and a single VPN (and NAT) is required in the destination d.
Before defining formally our SFC design problem we now need to define when an SFCtree—that intuitively represents a solution—satisfies the user request and the Domain constraints. To this aim, we first provide the following definition.
Assume that is an SFC user request specified as in Definition 1 which defines the and a . Then we define request-tree(R) as the tree where the set of nodes is with , and the set of arcs is .
Intuitively, given a user request , request-tree(R) is the tree that represents the traversal order of the various VNFs, from the source to the destination domain, to obtain a solution. We have a tree rather then a sequence of VNFs because we take into account also the information provided by dupList which, as mentioned before, specifies when the traffic needs to be duplicated before entering in a node (VNF).
Given a user request which specifies and , with in the source domain and in the destination domain, a request-tree consists of , .
Next we define the satisfaction of user request and domain constraints. In the following we use the terminology and notation introduced in Definitions 1 and 3. We also assume that the last VNF specified in the user vnfList is present in the destination domain (if this were not the case we could introduce and additional VNF but we prefer to avoid this in order to simplify the notation).
We say that an SFCtree satisfies user request and domain constraints if the following holds, where and are the domains values specified in dst and src of request :
the domain of the root of is and there exists a leaf in whose domain is .
is the set with some additional gateway nodes and there exists an injective mapping such that, , ;
such that and there exists a path in between and containing only gateway nodes;
for each if then and if then ;
for each tuple represented by such that the type appears (as label of a node) in , holds, where .
Note that, as indicated in item iv), we assume that the domain constraints refer to the VNF specified in the vnfList provided by the user.
We are now ready to state formally our configuration problem.
Definition 6 (SFC design problem)
Given a graph that represents a network architecture, an SFC user request and domain constraints , the SFC design problem consists in finding an SFCtree that satisfies the request and the constraint . Such an SFCtree, if it exists, is called an admissible solution. Furthermore, the optimal SFC design problem consist in finding an admissible solution which minimize the following cost function: . In this case the solution found is called optimal SFCtree.
The following result shows that the problem that we are considering here is a difficult one. The proof is omitted for space reason and can be done by the reduction of the -minimum spanning tree problem which is known to be NP-hard [ravi1996spanning].
Theorem 1 (NP-hardness)
The optimal SFC design problem is NP-hard.
4 SFC modeling with Constraint Programming
In order to solve our SFC design problem we translate it into a MiniZinc [nethercote2007minizinc] finite domain specification. MiniZinc is a high level, solver independent, constraint modeling language which is widely used and is supported by large variety of constraint solvers. We assume some familiarity with MiniZinc and we invite the reader to consult [nethercote2007minizinc] for further details.
Our translation is a direct encoding of the SFC design problem as defined in Section 3 in MiniZinc constraints. More precisely, we first model in terms of the MiniZinc language the network architecture and then we translate in MinZinc the user request and the domain constraints defined in the JSON format. The MiniZinc specification of the network architecture is a straightforward translation of the graph described in the previous section and is provided below (comments are indicated by ).
Upon a user request expressed in the intent format, we use a script to extract necessary information and by using dupList we parses the vnfList into vnf_arcs that represents the arcs of request-tree and finally we create an instance for MiniZinc.
As for the specification of the SFC request and domain constraints, described in definitions 1 and 3 in terms of JSON specifications, we use a script to extract necessary information and by using dupList we parses the vnfList into the vnf_arcs array below. Analogously we parse the domain constraints to build the domain_constraint array and we obtain the following MiniZinc code:
To model our problem we then introduce two groups of MiniZinc variables, the first representing the selection of arcs, links, domains and domain connection, and the second to ensure that the selected nodes corresponding to the VNFs in vnfList
and their order is feasible. Next we introduce the constraints which can be classified into three groups: the first one states the relations between variables (a.k.a channel constraints), the second guarantees that the variable values meet the request requirements and the last one ensure the tree properties of the solution. The key variable among all is the variablelink_selection, it is possible to build a relation with it to any other variables, e.g. to specify if a node or domain is selected it is enough to say whenever a link is selected then the related nodes and their domains are selected. The details of this formalization are omitted for space reasons and can be found in [minizinc_imp].
With these constraints we are able to obtain an admissible SFCtree. The optimal solution is the obtained by optimizing the sum of domain link costs of among all possible admissible solutions.
5 Empirical Validations
We now describe the validation experiments which we have conducted in order to compare the performance of different state-of-the-art solvers and to assess the efficiency and scalability of our approach.
As for the experiment setup, we have generated the dataset representing the network in a random way. We assume nodes and domains with . We select out of the nodes and consider them as gateway while for the remaining nodes we associate randomly to each of them a VNF type from the set of types assumed in this paper (see Section 3). Next we defined the arcs according to the definition in Section 3.2 with costs in the range . Regarding the SFC user request, we created a dataset of possible requests that may occur in practice, which are compliant with the assumptions we made in the paper and with the ETSI specifications [isg2015gs], from which we randomly choose specific instances. We consider the number of nodes and the number of domains as features that characterize the specific instance dimension. For each instance dimension we generate 10 scenarios and for each scenario we generate 10 requests which will be performed sequentially. We record the response time, that is the time needed to find optimal solution or to discover that the instance is unsatisfiable, with a cutoff time as 5 seconds for each run. The experiments were run on a Debian cluster with machines equipped with Intel Core 3.30GHz and 8 GB of RAM.
We first compared the performance of five different state-of-the-art CP solvers, namely, Or-Tools [ortools2018], Choco [choco], JaCoP [kuchcinski2013jacop] Gecode [schulte2006gecode], Chuffed [chu2010symmetries] and two Mixed Integer Programming (MIP) solvers, Gurobi [gurobi2015gurobi] (one of the most performing MILP solvers [gurobi75benchmark]) and CBC [cbcref]555The Or-Tools were downloaded from Google OR official page and other solvers were taken either from SUNNY-CP [DBLP:conf/lion/AmadiniGM14, amadini2015sunny] or from the MiniZinc distribution . on the optimal SFC design problem. The solvers were run on scenario with 300 nodes and different number of domains (from 3 to 30), each request was combined with 2 random domain constraints. In the graph 3 (a) we show the response time with Par2 penalty, where when a run was not completed at timeout we consider its runtime as two times of the timeout (10 sec) 666The performance of Gecode and JaCoP were omitted since their performance were much lower than those of the other solvers.. Under the Par2 metric, it can be seen that Chuffed and Or-Tools were the most competitive solvers in our case, in particular, Chuffed runs faster with few number of domains (less than 10) while Or-Tools is more robust addressing instance with larger number of domains. The part (b) of Fig 3 shows the percentage of runs failed to prove optimality or unsatisfiability within timeout. It can be seen that Choco and Or-Tools were the most competitive where they solved almost all the instances with less than 24 domains. Chuffed started to have unsolved instances when the number of domains goes beyond 9, however, it is still much better that other solvers where they had failed runs even with 3 domains. It worth noticing that the MIP solver Gurobi was less competitive than the CP solver in our case, even though, the MIP/ILP is the most popular approach for NFV/SDN problems today.
In the second set of experiments we considered only the solver Or-Tools and we considered two groups of tests: fixing a number of nodes we vary the number of domains from 3 to 30; fixing a number of domains we vary the number of nodes from 30 to 800. In this case, the average runtime has excluded failed runs. As one can see from Fig 4, our application find the optimal solution for instances having more than 300 nodes and 10 domains in less then a second777We also measured the runtime when request instance is unsatisfiable, generally, it takes as much time as computing a satisfiable instance..
Moreover, for the part (b) of the figure one sees that time grows almost linearly at the growth of node numbers. Since in practical applications one has hardly more than 10 domains and one has hardly a large number of nodes, and also, the links between domains are much less than our fully connected case, the results confirm that our system is relevant to address the SFC design problem and can scale up to consider large networks. It is worth mentioning that, for instance, the International Telecommunication Union in its Recommendation [ITU] sets an upper bound to the time needed to set up of a service at 7.5 seconds, well above the time needed here to solve the SF-Chaining problem.
6 Discussion and Conclusion
To the best of our knowledge the only other paper applying CP techniques to programmable communication networks is [layeghy2016scor], where the authors consider the specific problem of optimizing the QoS of routing applications. Here we consider a completely different problem, namely the definition of expressive and efficient tools to solve the Service Function Chaining design problem in general. There exists a large body of literature on the problem of mapping an SFC to the (possibly virtualized) substrate network, optimizing some notion of QoS. This problem, also called Service Function Chain Resource Allocation (SFC-RA), has been mainly addressed with (Mixed) Integer Linear Programming (M)ILP techniques. However, since in its full generality SFC-RA is an NP-hard problem, many alternative approaches rely on approximated methods and (meta)-heuristics (cf. [CommSurvSDN2014, CommSurvNFV2016, XieLWW16, HB16] for more precise indications). When compared with other exact methods based on (M)ILP, CP provides a more flexible and general approach. Since (M)ILP approaches consider a specific formulation of the problem—customized for a narrow class of applications with a specific function to be optimized—and require a large number of decision variables and (in)equations, it becomes difficult to adapt existing solutions to other cases. Performance-wise, we cannot directly compare our work to other MILP based approaches, since the problem we are solving here is more general than the specific ones treated in the literature. However, our experimental results show that CP solvers are more efficient than MILP solvers on the problem we consider and support our claim that the proposed model can scale efficiently.
As future work, we will include our tool into a networking tool-chain for directly applying synthesized SFC plans on target networks. We intend to further investigate the definition of a high level, intent-based language for SFC specification. Beside allowing to express quickly and intuitively SFC requests, such an abstract language naturally would allow to use modularization and typing [pierce2002types] principles with the following benefits. First, support for the creation of libraries of standardized SFCs, e.g., configurations that adhere to administrative regulations which can be directly used with little customization effort. Second, the definition of complex specifications obtained by combining simpler ones. Third, to efficiently check if SFC specifications are well-formed (e.g., if the traffic encrypted by a VPN is decrypted by a complementary function ) and if they follow best practices (e.g., by warning users that, by using a VPN function outside the domain of the source, the traffic might be exposed to attackers).